Revista Tinerilor Economiºti (The Young Economists Journal)
Revista Tinerilor Economiºti (The Young Economists Journal)
Revista Tinerilor Economiºti (The Young Economists Journal)
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Management – Marketing - Tourism<br />
or accepted by negligence. Worse, it is possible that a significant threat to be<br />
intentionally disregarded<br />
3. Analyzing <strong>The</strong> Internal And External Factors<br />
Second, we must understand that the probability of an event depends on a series<br />
of external factors as well as on internal factors of the entity (business/process/project)<br />
for which the risk assessment is made. It is essential to know and control as many of<br />
these factors as possible.<br />
<strong>The</strong> internal factors include historical data from within the entity, collected in<br />
time, as it is necessary to keep a record of all processed data, no matter if for the<br />
moment it is thought that the data will not be useful in the future.<br />
One way to achieve this without affecting the operational environment is<br />
appealing to data warehousing technology and decision support systems. Without going<br />
into technical details we mention only that the data warehouse is a way of storing data<br />
and creating information, a topic-oriented database, integrated, nonvolatile, other<br />
(sensitive) over time, which support management decisions. And decision support<br />
system is in a simple definition, the layer of data presentation from the data warehouse.<br />
In fact it is much more than a presentation layer: the decision support system extending<br />
itself from extracting data from data warehouse to present these data to the decision<br />
maker, including sophisticated reporting tools, tools, OLAP (Online Analytical<br />
Processing) and Data Mining.<br />
And when we talk about external factors, we are talking about those factors<br />
undergoing STEEP analyses (Social, Technological, Economic, Environmental,<br />
Political), factors that cannot be controlled but that could be anticipated. Here are also<br />
included the events from the company’s activity, such as natural disasters or terrorist<br />
attacks, attacks against informational systems (informational viruses, spam, DoS type<br />
attacks etc.).<br />
In order to evaluate these factors one may choose to study the statistical data<br />
available from various sources including the FBI (eg CSI FBI Survey) or various<br />
international information security experts centers such as CERT (Computer Emergency<br />
Response Team), the Software Engineering Institute or CERIS (Centre of Expertise and<br />
Response to Security Incidents).<br />
But this data gives only a vague estimate of the probability of occurrence and<br />
impact generated by such an occurrence. Such an approach is justified such as "always<br />
be prepared for the worst."<br />
4. Risk Analysis In <strong>The</strong> Software Development Cycle<br />
Third, if we come closer to the electronic business environment and the fact<br />
that one of the elements of this environment is the informational system, we must not<br />
ignore the software risk, which represents the combination between the probabilities of<br />
occurrence and the loss caused by an unwanted result which affects the project, the<br />
process or the software product.<br />
Each software system is unique with its own set of risks. <strong>The</strong>re are many<br />
software risks but fewer consequences that we want to avoid. Perhaps because of this<br />
software risk is often discussed in terms of potential cost, timing and technical<br />
consequences.<br />
In software development business the risk management has a different<br />
behavior; because in this case the accent falls more on the process of development and<br />
77